Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application: 

Listing of Claims: 

Claim 1 (currently amended): A method for administering portal security for an
object, comprising [[the steps of]]:

extracting a native security setting comprising identities of external users 
or external groups, or both, from a native environment of the object; 

mapping, according to a predetermined process that is executed
according to information maintained in a portal database, the native security
setting into a portal security setting associated with a portal that comprises a
metadata object; [[and]]

associating in the portal said portal security setting with the object
according to a predetermined security relationship;

instantiating the predetermined security relationship between the
metadata object and the corresponding native security setting;

granting viewing or exposure access to the object by a particular user or
group, or combinations thereof, and

wherein said information maintained in the portal database comprises:
portal user and portal group information including membership
information relating the portal users to portal groups; and

one or more synchronization maps that maps external groups or
domains, or both, to one or more intermediate sets of identifiers.

Claim 2 (currently amended): The method of claim 1, wherein the native
security setting [[settings comprising]] comprises an identity of an entity external to
the portal having a predetermined security relationship with the object in its
native environment, [[the portal comprising a metadata object corresponding to the
object,]] and wherein the mapping comprises [[further comprising the steps of:]]
mapping the external entity into a corresponding portal entity[[; and
instantiating the predetermined security relationship between the metadata object
and the corresponding portal entity]].

Claim 3 (currently amended): The method of claim 2, wherein said
predetermined security relationship comprises [[is]] viewing access.

Claim 4 (currently amended): The method of claim 2, wherein the native
security settings [[comprising identities of external users and external groups
having]] have the predetermined security relationship with the object in its native
environment[[, further comprising the steps of:

mapping the external users and external groups into corresponding portal
users and groups according to a predetermined mapping process; and

associating the corresponding portal users and portal groups with the
object according to the predetermined security relationship]].

Claim 5 (canceled) 

Claim 6 (currently amended): The method of claim 5, wherein said one or more
maps [[information maintained in the portal database]] comprises:

[[portal user and portal group information including membership information
relating the portal users to portal groups; and]]

a first synchronization map that maps external domains to an intermediate 
set of domain identifiers; and 

a second synchronization map that maps external groups to an 
intermediate set of group identifiers. 

Claim 7 (original): The method of claim 6, wherein said portal users are
identified by a concatenation of a portal domain identifier and a user name used 
by the external domain of the user, and wherein said portal groups are identified 
by a concatenation of a portal domain identifier and a group name used by the 
external domain of the group. 

Claim 8 (original): The method of claim 7, said predetermined mapping process
comprising the steps of: 

forming a reflexive set of external users and external groups having 
access to the object, each member of the reflexive set being expressed as a 
concatenation of the external domain and the external user or external group; 

mapping each external domain indicated in each of the external users and
external groups into to one or more portal domains using the first synchronization
map; 

mapping each external group to one or more portal simple group names 
using the second synchronization map; 

forming a candidate set of all possible pairings between (i) all indicated 
external and portal domains, and (ii) all indicated external group and portal 
simple group names; 

comparing the candidate set to said portal user and portal group 
information; and 

deleting from the candidate set any member not appearing in said portal
user and portal group information; 

wherein the remaining members of the candidate set represent the 
corresponding portal users and portal groups having access to the object. 

Claim 9 (currently amended): A corporate portal apparatus [[system]], comprising
one or more processor readable storage devices having processor readable
code embodied thereon for programming a one or more processors to perform a
method of administering portal security for an object, said processor readable
code comprising component modules including:

a crawler for accessing external objects in external domains; 

a security extraction utility for extracting native security information,
comprising identities of external users or external groups, or both, corresponding
to the external objects from one or more security systems of the external
domains; and

a database comprising information for mapping, according to a
predetermined process that is executed according to information maintained in a
portal database, the extracted native security information into a security system
of the corporate portal that comprises a metadata object; and

wherein the apparatus comprises said one or more processors for
performing said method which further includes instantiating the predetermined
security relationship between the metadata object and the corresponding native
security setting, and

wherein said information maintained in the portal database comprises:
portal user and portal group information including membership
information relating the portal users to portal groups; and

one or more synchronization maps that maps external groups or 
domains, or both, to one or more intermediate sets of identifiers, and 

wherein the security system of the corporate portal regulates exposure of 
portal metadata objects corresponding to the external objects based on the 
mapped security information. 

Claim 10 (currently amended): The corporate portal apparatus [[system]] of claim
9, further comprising a synchronization agent for accessing external user and
external group information from the external domains, wherein said database
comprises information derived at least in part from said external user and
external group information.

Claim 11 (currently amended): The corporate portal apparatus [[system]] of claim
10, further comprising an administrative user interface for assisting a portal
administrator in populating said database using information that includes said
external user information and said external group information.

Claim 12 (currently amended): The corporate portal apparatus [[system]] of claim
11, wherein said synchronization agent is adapted and configured to extract user
and group information from external domains having directory types of: Windows
NT, LDAP, or ODBC.

Claim 13 (currently amended): [[A]] One or more computer readable media
encoded with a processor-readable computer program product for [[use in]]
implementing a method of administering portal security for an object, the method
comprising:

[[computer code for]] extracting a native security setting comprising identities
of external users or external groups, or both, from a native environment of the
object;

[[computer code for]] mapping, according to a predetermined process that is
executed according to information maintained in a portal database, the native
security setting into a portal security setting associated with a portal that
comprises a metadata object; [[and]]

[[computer code for]] associating in the portal said portal security setting with
the object according to a predetermined security relationship;

instantiating the predetermined security relationship between the
metadata object and the corresponding native security setting; and

granting viewing or exposure access to the object by a particular user or 
group, or combinations thereof, and 

wherein said information maintained in the portal database comprises: 

Appl. No. 09/896,039

Amendment dated October 24, 2005

Reply to Office Action mailed July 1, 2005 

portal user and portal group information including membership 
information relating the portal users to portal groups; and 

one or more synchronization maps that maps external groups or
domains, or both, to one or more intermediate sets of identifiers.

Claim 14 (currently amended): The one or more computer readable media
[[computer program product]] of claim 13, wherein the native security setting
[[settings comprising]] comprises an identity of an entity external to the portal
having a predetermined security relationship with the object in its native
environment, [[the portal comprising a metadata object corresponding to the
object,]] and wherein the mapping comprises [[further comprising computer code for]]
mapping the external entity into a corresponding portal entity[[; and
computer code for instantiating the predetermined security relationship between
the metadata object and the corresponding portal entity]].

Claim 15 (currently amended): The one or more computer readable media
[[computer program product]] of claim 14, wherein said predetermined security
relationship comprises [[is]] viewing access.

Claim 16 (currently amended): The one or more computer readable media
[[computer program product]] of claim 14, wherein the native security settings
[[comprising identities of external users and external groups having]] have the
predetermined security relationship with the object in its native environment[[,
further comprising the steps of:

computer code for mapping the external users and external groups into
corresponding portal users and groups according to a predetermined mapping
process; and

computer code for associating the corresponding portal users and portal
groups with the object according to the predetermined security relationship]].

Claim 17 (canceled)

Claim 18 (currently amended): The one or more computer readable media
[[computer program product]] of claim 17, wherein said one or more maps
[[information maintained in the portal database]] comprises:

[[portal user and portal group information including membership information
relating the portal users to portal groups; and]]

a first synchronization map that maps external domains to an intermediate 
set of domain identifiers; and 

a second synchronization map that maps external groups to an 
intermediate set of group identifiers. 

Claim 19 (currently amended): The one or more computer readable media
[[computer program product]] of claim 18, wherein said portal users are identified by
a concatenation of a portal domain identifier and a user name used by the 
external domain of the user, and wherein said portal groups are identified by a 
concatenation of a portal domain identifier and a group name used by the 
external domain of the group. 

Claim 20 (currently amended): The one or more computer readable media
[[computer program product]] of claim 19, said computer code for mapping the
external users and external groups into corresponding portal users and groups 
according to a predetermined mapping process comprising: 

computer code for forming a reflexive set of external users and external 
groups having access to the object, each member of the reflexive set being 
expressed as a concatenation of the external domain and the external user or 
external group; 

computer code for mapping each external domain indicated in each of the
external users and external groups into to one or more portal domains using the
first synchronization map;

computer code for mapping each external group to one or more portal
simple group names using the second synchronization map;

computer code for forming a candidate set of all possible pairings between
(i) all indicated external and portal domains, and (ii) all indicated external group
and portal simple group names;

computer code for comparing the candidate set to said portal user and
portal group information; and

computer code for deleting from the candidate set any member not appearing in
said portal user and portal group information, wherein the remaining members of
the candidate set represent the corresponding portal users and portal groups 
having access to the object. 
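
The mapping process recited in claims 8 and 20, with the identifier scheme of claims 7 and 19, can be traced in a short Python sketch. This is an added example, not part of the filing: the function name, the backslash separator, the sample maps and directory, and the choice to form pairings per ACL entry are all assumptions.

```python
from itertools import product

SEP = "\\"  # assumed separator; the claims only say "concatenation"

# Constructed sample data (not from the filing).
DOMAIN_MAP = {"NTCORP": ["corp"], "LDAPENG": ["eng", "corp"]}  # first synchronization map
GROUP_MAP = {"Domain Users": ["everyone"],                      # second synchronization map
             "kernel-devs": ["developers"]}
PORTAL_DIRECTORY = {                                            # portal user/group information
    "corp\\alice", "corp\\everyone", "eng\\developers", "eng\\bob",
}


def map_native_acl(native_acl, domain_map, group_map, directory):
    """Map native ACL entries ("DOMAIN\\name") to portal users and groups.

    Returns (granted, dropped): the portal identities that inherit access,
    and the native entries that matched nothing in the portal directory.
    """
    granted, dropped = set(), set()
    for entry in native_acl:                       # the "reflexive set"
        ext_domain, _, ext_name = entry.partition(SEP)
        if not ext_domain or not ext_name:
            dropped.add(entry)                     # malformed entry grants nothing
            continue
        # (i) the external domain plus every portal domain it maps to
        domains = {ext_domain, *domain_map.get(ext_domain, [])}
        # (ii) the external name plus every portal simple group name it maps to
        names = {ext_name, *group_map.get(ext_name, [])}
        # Candidate set: every domain/name pairing for this entry.
        candidates = {d + SEP + n for d, n in product(domains, names)}
        # Delete candidates that do not appear in the portal directory.
        survivors = candidates & directory
        if survivors:
            granted |= survivors
        else:
            dropped.add(entry)
    return granted, dropped
```

Entries that survive only because a synchronization map is broader than intended are worth reviewing, and the `dropped` set gives an administrator the native principals that currently have no portal equivalent.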